Wonderland


Penetration Testing Methodology

Reconnaissance

  • nmap

Enumeration

  • Directory Bruteforce using dirbuster & Gobuster

Exploitation

Privilege Escalation

Capturing the flag

  • user.txt

  • root.txt


Walkthrough - There are so many rabbit holes. Watch out.

  1. nmap - to find open ports

nmap -A 10.10.177.100

  2. enumerate directories (Gobuster // Dirbuster)

gobuster dir -u http://10.10.177.100/ -w /root/List/directory-list-2.3-medium.txt -t 80 -x .txt,.php,.html

or

dirbuster

-> We can use either Gobuster or Dirbuster, but for this machine I recommend using dirbuster. It will make your task easier.
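From the defender's side, the enumeration step above is easy to spot in the web server's access log: one client, a burst of requests, almost all of them 404. The script below is an added example, not part of the original walkthrough. The log lines are constructed, and the window and thresholds are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined/Common Log Format: client, timestamp, request path, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def find_enumeration(lines, window=timedelta(seconds=10), min_404=20, min_ratio=0.9):
    """Return {client: (requests, not_found)} for the busiest window of each
    client whose traffic looks like wordlist-driven path guessing."""
    per_client = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore anything that is not a parseable request line
        ip, ts, _path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        per_client[ip].append((when, status == "404"))
    flagged = {}
    for ip, events in per_client.items():
        events.sort()
        start = misses = 0
        for end, (when, miss) in enumerate(events):
            misses += miss
            while when - events[start][0] > window:  # slide the window forward
                misses -= events[start][1]
                start += 1
            total = end - start + 1
            if (misses >= min_404 and misses / total >= min_ratio
                    and misses > flagged.get(ip, (0, 0))[1]):
                flagged[ip] = (total, misses)
    return flagged

def sample_log():
    """Constructed sample: one client guessing word+extension, one normal visitor."""
    words = ["admin", "backup", "config", "images", "login", "old", "test", "uploads"]
    guesses = [w + e for w in words for e in ("", ".txt", ".php", ".html")]
    lines = [f'192.0.2.10 - - [01/Jan/2024:10:00:{i // 4:02d} +0000] "GET /{g} HTTP/1.1" '
             f'{301 if g == "images" else 404} 0 "-" "constructed-scanner"'
             for i, g in enumerate(guesses)]
    for sec, (path, status) in enumerate([("/", 200), ("/main.css", 200), ("/favicon.ico", 404)]):
        lines.append(f'198.51.100.7 - - [01/Jan/2024:10:00:{sec:02d} +0000] '
                     f'"GET {path} HTTP/1.1" {status} 512 "-" "constructed-browser"')
    return lines

if __name__ == "__main__":
    for ip, (total, misses) in find_enumeration(sample_log()).items():
        print(f"{ip}: {misses}/{total} requests returned 404 within 10 seconds")
```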

First

image

Second

image

Third

image

Fourth

image

Fifth

image

Sixth

image

Seventh

image

  3. ssh

ssh *****@10.10.177.100
ls -al

Oops, there is root.txt. But we can't open it.

image

Here is where the hint is really useful.

image

Okay, then we try the usual place for root.txt.

cat /root/user.txt

image

Well, that was an easy guess I think.

By AdaniKamal
